#!/bin/bash
## kola:
##   # This test doesn't meaningfully change the system and
##   # can be run with other tests.
##   exclusive: false
##   # This test pulls a container image from the network.
##   tags: "needs-internet platform-independent"
##   description: Verify that tmpfs mounts inside a container
##     have the `container_file_t` label.

# See https://github.com/coreos/fedora-coreos-tracker/issues/1366

set -xeuo pipefail

# shellcheck disable=SC1091
. "$KOLA_EXT_DATA/commonlib.sh"

context=$(podman run --rm --privileged quay.io/fedora/fedora:39 \
            bash -c "mount -t tmpfs tmpfs /mnt/ && stat --format '%C' /mnt/")
if [ "$context" != "system_u:object_r:container_file_t:s0" ]; then
    fatal "SELinux context for files on a tmpfs inside a container is wrong"
fi
ok "SELinux context for files on a tmpfs inside a container is correct"
